user at host fun with stunnel
Paul-Andrew Joseph Miseiko
esoteric at teardrop.ca
Thu Dec 9 00:02:14 EST 2004
Not without modifications to the IRCD source code.
It is probably a better idea to use a client SSL patch with the IRCD.
Or you could just consider the "user at internal.ip" a "feature".
ps. don't run stunnel as root.
Behind every great man is a great woman...and behind every great woman is some guy staring at her butt!
On Wed, 8 Dec 2004, Matt Best wrote:
> Hey again listers,
> I'm in a bit of an interesting quagmire here. I use stunnel
> (http://www.stunnel.org) to offer ircd over SSL to my users.
> This is my stunnel statement:
> /usr/sbin/stunnel -r 192.168.0.25:6667 -d 192.168.0.25:8887 -p
> /etc/ssl/certs/stunnel.pem -o /var/log/stunnel.ext.log
> This reads as "listen on port 8887 and encrypt all connections to this
> port, then redirect to port 6667". The ircd is listening on 6667. I
> basically have a standard NAPT gateway in front of the server that
> redirects port 8887 to 192.168.0.25.
> The problem with this, is I think it kinda breaks ident. When a user
> connects, they are always connected as "root at 192.168.0.25", instead of
> "user at isp-assigned-ip-address-or-hostname".
> Can anybody think of a way around this? I understand this may be
> beyond the scope of this list. Any suggestions are appreciated.
> Kind regards,
More information about the hybrid